POS malware risks millions of payment cards for Michaels, Aaron Brothers shoppers

Share this article:
Report: Data breaches up 62 percent in 2013
An investigation has confirmed that malware on point-of-sale systems is to blame.

Following an investigation with two independent security firms that dates back to January, arts and crafts retailer Michaels Stores confirmed on Thursday that, much like retail giant Target, its U.S. stores had experienced a payment card breach.

The Michaels breach involved malware on point-of-sale systems that neither security firm had encountered before, Michaels CEO Chuck Rubin wrote in a Thursday statement, explaining the malware has been removed and the incident has been fully contained.

About 2.6 million payment cards may have been compromised from Michaels outlets between May 8, 2013 and Jan. 27, Rubin said, adding that about 400,000 payment cards could have been compromised from Aarons Brothers stores, a Michaels subsidiary, between June 26, 2013 and Feb. 27.

Rubin explained that the breach impacted a “varying number” of Michaels stores, as well as 54 Aaron Brothers locations. The crafts retailer posted online which Michaels and Aaron Brothers locations were affected.

“While we have received limited reports of fraud, we are offering identity protection and credit monitoring services to affected Michaels and Aaron Brothers customers in the U.S. for 12 months at no cost to them,” Rubin said. “We also are offering these customers a fraud assistance service for 12 months at no cost to them.”

Rubin announced at the end of January that Michaels was looking into a possible payment card breach, shortly after technology writer Brian Krebs reported that the retailer was investigating an incident. The investigation was spurred due to reports of fraudulent activity on cards used in stores.

Share this article:

Sign up to our newsletters

More in News

Report: UK police push for required mobile phone PWs

The Metropolitan Police have reportedly lobbied for two years to enact the standard.

JPMorgan Chase customers targeted in massive phishing campaign

JPMorgan Chase customers targeted in massive phishing campaign

Roughly 500,000 emails have been sent out so far as part of a massive multifaceted phishing campaign targeting customers of JPMorgan Chase.

Study: Organizations lack training, budget to thwart insider threats

Study: Organizations lack training, budget to thwart insider ...

Of the 355 IT and security professionals surveyed, a majority indicated that they were ill-equipped to thwart a possible insider threat.